Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-3657 A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | 7.5 | HIGH | — | 0 |
| CVE-2024-31444 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php`... | 4.6 | MEDIUM | — | 0 |
| CVE-2024-31445 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allo... | 8.8 | HIGH | — | 0 |
| CVE-2024-31458 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly che... | 4.6 | MEDIUM | — | 0 |
| CVE-2024-31459 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilit... | 8.0 | HIGH | — | 0 |
| CVE-2024-23154 A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a ... | 7.8 | HIGH | — | 0 |
| CVE-2024-31460 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concat... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-32735 An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32736 A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function withi... | 7.5 | HIGH | — | 0 |
| CVE-2024-32737 A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function wit... | 7.5 | HIGH | — | 0 |
| CVE-2024-32738 A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within M... | 7.5 | HIGH | — | 0 |
| CVE-2024-32739 A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function withi... | 7.5 | HIGH | — | 0 |
| CVE-2024-34340 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-34459 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext i... | 7.5 | HIGH | — | 0 |
| CVE-2024-4822 Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-4823 Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and d... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0830 A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execu... | 8.7 | HIGH | — | 0 |
| CVE-2024-4853 Memory handling issue in editcap could cause denial of service via crafted capture file | 3.6 | LOW | — | 0 |
| CVE-2024-4854 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file | 6.4 | MEDIUM | — | 0 |
| CVE-2024-28165 SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiali... | 8.1 | HIGH | — | 0 |
| CVE-2024-31486 A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-33004 SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see t... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34687 SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-33485 SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby ... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-35176 REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XM... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-27407 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() | 8.4 | HIGH | — | 0 |
| CVE-2024-35790 In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nod... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-23158 A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability ... | 7.8 | HIGH | — | 0 |
| CVE-2024-36048 QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which ma... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35869 In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mou... | 8.4 | HIGH | — | 0 |
| CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already ... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-35937 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fu... | 7.1 | HIGH | — | 0 |
| CVE-2024-36015 In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_sim... | 7.8 | HIGH | — | 0 |
| CVE-2024-35943 In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated mem... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35948 In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note ... | 8.4 | HIGH | — | 0 |
| CVE-2024-35956 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35963 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35964 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35965 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35966 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without c... | 7.1 | HIGH | — | 0 |
| CVE-2024-35976 In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-36845 An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-47247 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommoda... | 7.8 | HIGH | — | 0 |
| CVE-2021-47352 In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid dat... | 7.8 | HIGH | — | 0 |
| CVE-2021-47412 In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47421 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68024 Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by ... | 7.8 | HIGH | — | 0 |
| CVE-2023-52857 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Chan... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.